Mozilla sent Firefox Version 80.0 to the release channel today. The update includes ten security updates of which three (3) are rated high, four (4) moderate and three (3) low. Curiously, the items listed in the Release Notes as "Fixed" are the same as those for Version 79.0.
Also released was Firefox ESR Version 68.12.
High
- #CVE-2020-15664: Attacker-induced prompt for extension installation
- #CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
Moderate
- #CVE-2020-12401: Timing-attack on ECDSA signature generation
- #CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation
- #CVE-2020-12400: P-384 and P-521 vulnerable to a side channel attack on modular inversion
- #CVE-2020-15665: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown
Low
- #CVE-2020-15666: MediaError message property leaks cross-origin response status
- #CVE-2020-15667: Heap overflow when processing an update file
- #CVE-2020-15668: Data Race when reading certificate information
New
- Firefox can now be set as the default system PDF viewer.
- Several
crashes while using a screen reader were fixed, including a frequently
encountered crash when using the JAWS screen reader.
- Firefox
Developer Tools received significant fixes allowing screen reader
users to benefit from some of the tools that were previously
inaccessible.
- SVG
title
anddesc
elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.
Changed
- For users with reduced motion settings, we’ve reduced a number of animations such as tab loading to reduce motion for users with migraines and epilepsy.
- The new add-ons blocklist has been enabled to improve performance and scalability.
No comments:
Post a Comment